<?php session_start(); ?>
<html>
    <head>
        <title>Change Password</title>
        <link href="style3.css" rel="stylesheet" type="text/css" />
        <?php include 'jquery.php'; ?>
        <script type="text/javascript" src="functions.js"></script>
        <script type="text/javascript">
            $(document).ready(function(){
                check_top();
            });
        </script>
    </head>
    <body>
        <?php
        require_once "statics.php";
        require_once "functions.php";
        if (isset($_SESSION['lang']))
            require_once "./language_files/changepass_" . $_SESSION['lang'] . ".php";
        else
            require_once "./language_files/changepass_en.php";
        $memberID = $_SESSION['member_id'];
        $email = $_SESSION['email'];
        ?><fieldset><legend><?php echo $lang['change_pass'] ?></legend>
        <form method="post" action="">
            <table class='no_border' style="width: 500px;">
        <tr><td><label><?php echo $lang['old_pass'] ?></label></td>
        <td><input type='password' name='oldpass' id="Opass" /></td></tr><br />
        <tr><td><label><?php echo $lang['Cold_pass'] ?></label></td>
           <td><input type='password' name='confirm' id="Cpass" /></td></tr><br />
        <tr><td><label><?php echo $lang['new_pass'] ?></label></td>
            <td><input type='password' name='new' id="Npass" /></td></tr><br />
        <tr><td><input type='submit' name='save' value='Change password'/></td></tr>
        </table>
        </form>
        </fieldset><?
        if (isset($_POST['save'])) {
            if (isset($_POST['oldpass']) && $_POST['oldpass'] != NULL && isset($_POST['confirm']) && $_POST['confirm'] != NULL
                    && isset($_POST['new']) && $_POST['new'] != NULL) {
                $old = mysql_safe($_POST['oldpass']);
                $confirm = mysql_safe($_POST['confirm']);
                $new = mysql_safe($_POST['new']);
                if ($new != $confirm) {
                    echo "<script>alert('Password confirmation failed');</script>";
                } else if (strlen($new) < 8) {
                    echo "<script>alert('New password must be at least 8 characters');</script>";
                } else {
                    $rsPassword = rsSelect("member_id,password,activated", "member", array("email=", $email));
                    if (is_string($rsPassword)) {
                        exit();
                    }
                    if (mysql_num_rows($rsPassword) == 0) {
                        exit();
                    }
                    $row = mysql_fetch_assoc($rsPassword);
                    $salt = substr($row['password'], 0, 64);
                    $password = $salt . $old;
                    for ($i = 0; $i < 10000; $i++) {
                        $password = hash("sha256", $password);
                    }
                    $password = $salt . $password;
                    if ($password != $row['password']) {
                        echo "<script>alert('wrong password!!');</script>";
                        exit();
                    } else {
                        $salt = hash("sha256", uniqid(mt_rand(), true) . strtolower($email));
                        $password = $salt . $new;
                        for ($i = 0; $i < 10000; $i++) {
                            $password = hash("sha256", $password);
                        }
                        $password = $salt . $password;
                        $update = mysql_query("UPDATE member SET password = '$password'
                   WHERE member_id = $memberID AND email = '$email'") or die(mysql_error());
                        echo "<script>alert('password changed successfully');
               window.location = 'profilePage.php?property_variable=mine';</script>";
                    }
                }
            } else {
                echo "<script>alert('all fields are required');</script>";
            }
        }
        ?>
    </body>
</html>